Office of Inspector General

Audit Report

October 1996

INSPECTOR GENERAL

UNITED STATES INTERNATIONAL TRADE COMMISSION
WASHINGTON, D.C. 20436

October 18, 1996

TO: THE COMMISSION

I hereby submit an Analysis of the U.S. International Trade Commission's
Privacy Act Systems of Records, Report No. IG-01-97. The Privacy Act of
1974 is the primary federal statute aimed at protecting individual privacy.
It imposes government-wide standards on how agencies collect, maintain,
use, and disseminate personal information. Each agency is primarily
responsible for its own implementation of the Privacy Act in accordance
with agency guidelines prepared by the Office of Management and Budget
(OMB). Most provisions of the Act apply only to agency records maintained
in a system of records from which information is retrieved by name or other
individual identifier.

The Commission has Privacy Act notices for five systems of records. Four
of these systems date from 1975. The fifth system, covering inspector
general records, was added in 1990. All notices are out of date in some
respect. The Commission began to prepare notices to amend the existing
systems and add two systems in 1996. Both the existing and proposed
new system notices were the subject of this analysis.

The objective of this analysis was to conduct a comprehensive and critical
review of the Commission's implementation of the Privacy Act.
Specific objectives included reviewing existing Privacy Act notices and
proposed revisions to determine which systems of records should be retained,
established, or reorganized; identifying additional systems of records that
need to be established; examining system notices for content, format, and
degree of specificity; and determining whether the Commission is in
compliance with major provisions of the Act.

This analysis was conducted by Robert Gellman, Privacy and Information
Policy Consultant. He found that existing Commission notices contain
outdated and/or extraneous information. Common elements of the notices
also contain unnecessary differences. In addition, the Commission's
Privacy Act rules, which are separate from the notices, are outdated and
need to be revised to be more consistent with the Privacy Act. Several
Commission forms do not include required Privacy Act notices. The
Commission is in compliance with the Act's requirement for maintaining an
accounting of disclosures and with OMB requests for data for Privacy Act
reports. However, the Commission did not comply with OMB requirements
for regular reviews of Privacy Act activities.

Gellman concurred with the proposed notices that would have deleted one
of the existing systems of records, updated the other four systems, and
added two new systems. He also identified five additional systems of
records that we believe should be established, despite some uncertainty
whether the records qualify as Privacy Act systems. He also recommended
that Commission Privacy Act notices include a reference to government-wide
system notices applicable to Commission records.

The deficiencies at the Commission are at least partially due to the limited
awareness of the Privacy Act and its requirements by senior Commission
staff, which is not unusual for an agency that conducts no official activities
with individuals and engages in little routine Privacy Act business.
Until several years ago, the Commission never received a Privacy Act
request for access. In addition, the Commission's Privacy Act Officer, the
Director of Personnel, understandably has a limited view of his
responsibilities which are not defined in federal regulations or Commission
policy.

This report documents that the Commission is not in compliance with
several requirements of the Privacy Act. The Act includes a criminal
penalty for willfully maintaining a system of records without meeting the
notice requirement, but there has never been a prosecution under this
section. In theory, the Commission's failure to have a notice for all systems
of records or accurate notices for existing systems could give rise to liability
under the Privacy Act provisions for civil remedies. However, it seems
unlikely that any individual could successfully demonstrate the adverse
effect that is an essential requirement of a lawsuit. Potential liability can
be avoided altogether by updating and republishing Privacy Act system
notices and by putting proper notices on forms.

In the draft report, we recommended that the Director of Personnel, in his
current capacity as the Commission's Privacy Act Officer, coordinate with
the appropriate Commission officials and oversee the implementation of the
actions needed to correct the above deficiencies. These actions are stated
throughout the report and summarized on page 23.

In his response, the Director of Personnel stated that the threshold issue of
deciding who should be the Privacy Act Officer should be addressed first
so that whoever is eventually charged with administrative responsibility will
have the benefit of participating in the program's implementation. Further,
he reported that the Office of General Counsel work to redraft the
Commission's systems of records and revised rules is in an advanced stage,
which will accomplish the majority of the needed actions identified in our
report.
His response is presented as an appendix to this report.

The Chairman concurred with the Director of Personnel's response and
formed a group under the chairmanship of the Director of Administration to
undertake a review to determine where Privacy Act administration should
be assigned. The group is to forward a recommendation to the Chairman
by October 31, 1996. Accordingly, we revised the report to recommend
that the Director of Administration, in his capacity as chairman of the above
mentioned group, notify Committee members of the need to continue
working on implementation of the recommendations, and to notify the
Privacy Act Officer, when one is designated, of his or her responsibility to
respond to the recommendations in the final report. He agreed to take
these actions.

Inspector General


TABLE OF CONTENTS

I. Introduction
    A. Objectives
    B. Scope and Methodology

II. Systems of Records Notices
    A. Existing Systems: Retain, Eliminate, or Reorganize?
        1. Employment and Financial Disclosure Records
        2. Budgetary and Payroll-Related Records
        3. Time and Attendance Records
        4. Grievance Records
        5. OIG Investigative Files General and Criminal
    B. Proposed New Systems
        1. Telephone Call Detail Records
        2. Security Key Use Records
    C. Additional Systems of Records
        1. Security Officer Control Files
        2. Library Circulation Records
        3. Parking Records
        4. Mailing List
        5. Congressional Correspondence Records
    D. Possible Systems of Records
        1. Activity Accounting
        2. Web Page
        3. Locator/Telephone Records
        4. Administrative Protective Orders
    E. Government-Wide Systems
    F. Accuracy of System Notices: General Observations
        1. Common Elements
        2. Structuring Common Routine Uses
        3. Adequacy of Existing Common Routine Uses
        4. Internal Routine Uses
        5. Descriptions of Policies and Practices
    G. Accuracy of System Notice - Specific Comments
        1. Employment and Financial Disclosure Records
        2. Budgetary and Payroll-Related Records
        3. Time and Attendance Records
        4. Grievance Records
        5. OIG Investigative Files General and Criminal
        6. Telephone Call Detail Records
        7. Security Key Use Records

III. Other Privacy Act Requirements
    A. Privacy Act Rules
    B. Accounting
    C. Forms
    D. Computer Matching
    E. Reporting and Reviewing Requirements
    F. Personnel Familiarity with the Privacy Act
    G. Vulnerability Assessment for Litigation

IV. Summary of Recommendations

Attachment: Suggested Common Routine Uses

Notes

Appendix: Final Response to Inspector General's Draft Report: Analysis of
USITC's Privacy Act Systems of Records, September 30, 1996


ANALYSIS OF THE U.S. INTERNATIONAL TRADE COMMISSION'S
PRIVACY ACT SYSTEMS OF RECORDS

I. Introduction

The United States International Trade Commission (USITC) is an independent
federal agency. As with other federal agencies, the Commission is subject to
the Privacy Act of 1974. [1] The Privacy Act is a general privacy and records
management statute establishing rules and procedures for the collection,
maintenance, use, and disclosure of personal information about identifiable
individuals. Most provisions of the Act apply only to agency records
maintained in a system of records from which information is retrieved by name
or other individual identifier.

Major provisions of the Privacy Act require agencies to:

  • limit disclosure to those expressly authorized in the statute [2] or
    through routine uses [3] defined by the agency;

  • maintain an accounting for all disclosures; [4]

  • allow the subject of a record to have access to and to request amendment
    of the record; [5]

  • inform each individual asked to supply personal information of the
    purpose and basis for the request; [6]

  • publish descriptions of each agency system of records in the Federal
    Register; [7]

  • promulgate rules to carry out the provisions of the Privacy Act; [8]

  • establish an administrative mechanism to oversee agency computer
    matching activities. [9]

A. Objectives

I reviewed the Commission's compliance with major requirements of the Privacy
Act of 1974 and ongoing activities to update existing system of records
notices.
Specific objectives were to:

  • review existing Privacy Act notices and proposed revisions and determine
    which systems of records should be retained, established, or reorganized;

  • for systems that do not need to be retained, determine whether any other
    action needs to be taken, such as adopting another agency's system notice;

  • for systems that do need to be retained or established, determine the
    accuracy and/or propriety of all information in the notice;

  • identify additional systems of records that need to be established;

  • compare system notices for content, format, and degree of specificity;

  • determine whether the Commission is in compliance with major provisions
    of the Act;

  • identify agency requirements in OMB Circular A-130 and determine whether
    the Commission is in compliance and how long the Commission was not in
    compliance;

  • conduct a vulnerability assessment of potential litigation challenges
    under the Act;

  • determine whether the contract with the Commission's security contractor
    makes provisions of the Act binding on the contractor and its employees;

  • evaluate whether Commission personnel are familiar with the requirements
    of the Act and conduct a vulnerability assessment of potential litigation
    risks;

  • review the circumstances of three open investigations involving potential
    Privacy Act violations.

B. Scope and Methodology

I conducted a review of the Commission's Privacy Act policies, practices,
system notices, and rules during July and August 1996 at USITC headquarters
in Washington, DC. The review was conducted in accordance with generally
accepted government auditing standards. The review included these elements:

  • interviews with managers for each existing and proposed system of records
    and with the Director of the Office of Personnel, Director of the Office
    of Finance and Budget, Inspector General, Director of the Office of
    Management Services, an Assistant General Counsel, Director of the Office
    of Information Services, Director of the Office of Administration,
    Secretary to the Commission, Director of the Office of Equal Employment
    Opportunity, Director of the Office of External Relations, and Director
    of the Office of Management Services

  • examination of existing and proposed [10]
    Privacy Act system of records notices

  • examination of Commission forms that may be subject to Privacy Act notice
    requirements

  • examination of Commission Privacy Act regulations.

This audit relied upon these documents and publications:

  • OMB Privacy Act Guidance, 40 Federal Register 28948 (July 9, 1975);

  • OMB Circular A-130 on Management of Federal Information Resources, 61
    Federal Register 6428 (February 20, 1996) (Appendix I);

  • OMB Guidelines on the Relationship of the Debt Collection Act of 1982 to
    the Privacy Act of 1974, 48 Federal Register 15556 (April 11, 1983);

  • Debt Collection Improvement Act of 1996;

  • OMB Guidance on the Privacy Act Implications of "Call Detail" Programs to
    Manage Employees' Use of the Government's Telecommunications Systems, 52
    Federal Register 12290 (April 20, 1987);

  • OMB Final Guidance Interpreting the Provisions of Public Law 100-503,
    Computer Matching and Privacy Protection Act of 1988, 54 Federal Register
    25817 (June 19, 1989);

  • OPM Republication of Government-Wide System of Records Notices, 61
    Federal Register 36919 (July 15, 1996);

  • Office of Federal Register, Privacy Act Issuances (1993 Compilation)
    (CD-ROM).


II. Systems of Records Notices

There are Privacy Act notices for five existing Commission systems of
records. Four of these systems date from 1975. The fifth system, covering
inspector general records, was added in 1990. All notices are out of date in
some respect. The Commission became aware of this and began to prepare
amended and additional system notices.
Both the existing and proposed new system notices were the subject of this
audit.

The Privacy Act gives agencies considerable discretion in defining their
systems of records. There is no single right way to define systems. Major
factors identified in the OMB Privacy Act Guidelines are the protection of
individual rights under the Act and the cost and convenience to the
agency. [11]

A. Existing Systems: Retain, Eliminate, or Reorganize?

1. Employment and Financial Disclosure Records - The Deputy Designated Agency
Ethics Official manages this system of records. The system notice contains
financial disclosure forms required under ethics laws. A government-wide
system notice maintained by the Office of Government Ethics also covers the
records. [12]

In the Commission's draft revision of its system notices, this system was to
be eliminated in favor of sole reliance on the OGE system. This is
appropriate. There is no need to maintain a separate Commission system
notice. Reasons to maintain a local system are if it contains additional,
locally-provided information not described in the OGE notice or if there is a
need for additional routine uses. I found no evidence that either reason is
applicable.

Recommendation

Eliminate the Employment and Financial Disclosure Records system notice.

2. Budgetary and Payroll-Related Records - The Office of Finance and Budget
manages these records. The system notice reflects an older, paper-driven
system used to create both budget and payroll materials. There were two
overlapping and parallel systems operated at the same time and by the same
office, and this is apparently why one notice covers the budget and payroll
records.

The two functions continue, but the operations share an increasingly
integrated database. The system should continue to be defined as a Privacy
Act system.
However, it is appropriate to change the name. The budget uses and any other
functions can be explained in the purpose section of the notice. There is no
need to reference all of the subsidiary uses in the title. One possible title
that might be more descriptive is Pay, Leave, and Travel Records. This is the
name used by the Office of Personnel Management for its internal payroll
system.

3. Time and Attendance Records - The Office of Finance and Budget also
manages this system, along with an electronic collection system that pulls in
records created by each Commission office. The information is integrated with
payroll functions. While it is a matter of choice, there does not appear to
be any good reason to continue treating these records as a separate system.
Most readers would associate time and attendance records with payroll
records. The system can be eliminated and included in a new payroll system
notice.

Because of the role now played by the Department of the Interior (DOI) in
managing Commission payroll records and functions, a new system notice needs
to be properly coordinated with DOI activities. The Overseas Private
Investment Corporation (OPIC) is another agency that uses DOI for payroll
services, and OPIC has a system notice that reflects its connection with
DOI. [13] That notice is a useful model for the USITC system notice. The
parts of the OPIC notice most worthy of attention are the System Location
(including a reference to the DOI facility) and the Routine Uses.

Recommendation

Merge the Budgetary and Payroll-Related Records with the Time and Attendance
Records and establish a new system called Pay, Leave, and Travel Records.

4. Grievance Records - The Office of Personnel manages this record system. It
is virtually identical to an OPM system (OPM/INTERNAL-11) covering identical
records. The OPM grievance system is not a government-wide system so a local
system notice is essential.
This local system continues in existence and should continue to be defined as
a Commission Privacy Act system.

5. OIG Investigative Files General and Criminal - The Office of Inspector
General manages this system, which is two systems with a combined system
notice. The investigative operations and supporting files continue largely as
described in the notice. The system notice should be retained. However, the
inclusion of two different exempt systems in a single system notice is
inappropriate. Privacy Act exemptions must be system-specific. To be clear,
two separate system notices should be promulgated, one for general records
and one for criminal records. [14] There is a clear basis for concluding that
the Office maintains two separate record systems.

Recommendation

Publish separate system notices to clarify that OIG files are maintained in
two distinct systems.

B. Proposed New Systems

Deciding when individually identifiable records form a Privacy Act system of
records can be as much an exercise in epistemology as a mixed question of
fact and law. The drafters of the Act relied upon mainframe computer records
or paper records as a model. Today's modern PC-based and network-resident
relational databases make the now ancient legal distinctions difficult to
apply in practice. Disagreements about whether records are a formal system
occur among Privacy Act experts.

Whether a collection of personally identifiable records qualifies as a
Privacy Act system of records is largely a matter of fact. If records within
the control of an agency are regularly retrieved by identifier, then they
qualify as a system. As a result, deciding whether a computerized database
qualifies requires judgment and fact-finding. In a recent D.C.
Court of Appeals decision on the Privacy Act, the court noted that "there is
no magic number of incidental or ad hoc retrievals by reference to an
individual's name which will transform a group of records into a system of
records keyed to individuals." [15]

When there is doubt, the best general advice is to define a Privacy Act
system where individual interests may be adversely affected by the intended
uses of the records. Another test is to look at the systems of records
established by other agencies. There is no reason for the Commission to be a
pioneer in defining systems where others have not. In cases where new forms
of records -- such as electronic mail -- have some but not necessarily all of
the characteristics of systems, the Commission may wish to await clearer
guidance from the Office of Management and Budget. The redraft of the
Commission's system notices includes two new system notices.

1. Telephone Call Detail Records - There is some doubt about whether these
records are a system of records. Telephone numbers produced through the call
detail process are not directly associated with names but with a room number
and office. In some -- and perhaps many -- instances, this is sufficient to
identify a particular individual.

For this reason, and because of the possibility that call detail reporting
may be enhanced in the future, it is advisable to include a system notice.
Also, because the records have been used in taking adverse action against
individuals, any doubt should be resolved in favor of affording maximum
protection to privacy interests. Many agencies have system notices for call
detail records.

2. Security Key Use Records - This proposed new system covers records about
the use of electronic security keys that control access to the building and
its corridors. This system includes surveillance information about agency
employees.
Although the records are rarely actually retrieved by identifier, a purpose
of the system is to permit tracking of individual movements when there has
been a security breach or theft. While there is some doubt whether this
system must be defined as a system of records, its purpose and potentially
intrusive nature support a conclusion that a system notice should be
maintained.

The contract (ITC-CN-96-0001) with the Commission's security system
contractor does not include the standard Privacy Act clause that triggers
application of the Privacy Act's provisions and protections to the records
maintained by the contractor. The possibility of adding a Privacy Act clause
had been discussed within the Commission and a decision was deferred. The
contract should be changed to include a Privacy Act clause when next renewed.
The contract is annual, with a series of one-year option years through
September 30, 2000. The next renewal date is October 1, 1996.

There is a separate security-related collection of personnel records through
the sign-in sheets maintained at the front door to the building. These sheets
create records that are equivalent to those created through the security key
system. One response is to establish a general system of records for Security
Access Information. Both the sign-in sheets and the security key records
would be part of this single system of records. [16]

Recommendations

Establish a Security Access Information system notice covering both
electronic and physical security records.

Amend the security contract to include the standard Privacy Act clause when
the contract is next renewed.

C. Additional Systems of Records

It is not uncommon for agencies to discover systems of records that had gone
unnoticed for years. Finding unreported systems is a difficult task.
General questions about record keeping practices inevitably produce negative
responses. The only effective method is to ask offices if they maintain
specific types of records based on the practices of other agencies.

This method identified several systems of records that the Commission did not
publish as Privacy Act systems. For these new system notices, the
recommendation includes suggestions about routine uses. Defining routine uses
is an art and not a science. The Commission may choose not to employ some
recommended routine uses or to add others. There is no single right list of
routine uses for a system. New systems notices are recommended for these
records:

1. Security Officer Control Files - The Director of the Office of
Administration is the Commission's security officer responsible for the
granting of security clearances. The process entails collecting information
and fingerprints from applicants for security clearances and providing that
data to investigators from the Office of Personnel Management. After
receiving and reviewing the investigative report, the Commission security
officer grants or denies a security clearance. The files generated by this
process are maintained in a safe in the Office of Personnel, with access
limited to the Director of Administration and a staffer in the Office of
Personnel.

There are some complications. First, the main investigative reports in the
security file are the product of an investigation conducted for the
Commission by OPM. The Commission has a copy of the OPM-created report, and
OPM also maintains a copy. The reports in the possession of OPM are part of
OPM system notice OPM/CENTRAL-9, Personnel Investigations Records.
The OPM system has been properly exempted from parts of the Privacy Act.

It is apparently the view at OPM that this notice is adequate to cover its reports in the hands of other agencies. OPM considers that it is the owner of the records, and it maintains a central and not a government-wide system notice. The distinction is that a central notice covers OPM-owned records that may be maintained in other agencies. A government-wide notice covers records dually owned by an agency and by OPM.

However, it is not certain that the OPM central notice is adequate for Commission purposes. If the Commission adds information to the security file other than that described by OPM, then the OPM notice is surely insufficient. More troublesome is the possibility that an aggressive requester could argue successfully that an investigative record exempt from access at OPM might not be exempt in the hands of the Commission. At best, there is some doubt that a court would accept an argument that a record in possession of the Commission used by Commission staff to make significant decisions about an employee's status belongs to OPM and is subject exclusively to the OPM notice.

The issue is not likely to arise unless an individual refused a security clearance needed for continued employment challenges the denial. Even if this is not a likely event, there is a simple way to avoid the possibility of a dispute. The Commission should define its own Personnel Security Investigative Files and should apply an exemption to the system. Adopting an exemption requires a formal rule. Exemptions that may be appropriately applied to this system include (k)(1) for classified information and (k)(5) for suitability information.
Optionally, exemptions (k)(6) for testing information and (k)(7) for armed services promotion information could be applied, but they may not be necessary.

Second, the government's process for personnel security investigations is changing. Investigative work once done by OPM is now conducted by a private company. In the future, the Commission may use this company for its security investigations. The Commission may also use other government agencies from time to time. A new system notice should cover these possibilities in the general descriptions and routine uses.

Recommendation

Establish a new system of records called Personnel Security Investigative Files as an exempt system.

2. Library Circulation Records - The main Commission library has a computer system that tracks books borrowed by agency employees. The records can be and are retrieved by name of employee. Twice a year, the library sends a list of each book borrowed to each employee. This computer system qualifies as a system of records from which information is retrieved by individual identifier and requires a Privacy Act system of records notice.

The law library uses a different system for tracking borrowed books that indexes borrowings by book and not by individual. As a result, the law library system is not a system of records. If the law library procedure changes, it could be a separate system of records or it could be included in a single Commission-wide library system.

There is a recommendation below for restructuring the general routine uses for Commission system notices. The Attachment to this report includes proposed new general routine uses. Most of these general routine uses are unnecessary for this system.
However, general routine uses E, H, and I might be applied.

Recommendation

Establish a new system of records called Library Circulation Records.

3. Parking Records - The Facilities Support Division of the Office of Management Services maintains employee parking records. It manages a contract with Colonial Parking. Employees submit applications every six months, and the applications are filed alphabetically in a file folder by the name of the primary carpool member. This is a system of records.

From the general routine uses proposed in the Attachment to this report, all are appropriate for this system except D and J. General routine use H covers disclosures to the parking contractor, and there is no need for a separate routine use. No other routine uses appear necessary.

Recommendation

Establish a new system of records called Parking Records.

4. Mailing List - The Office of the Secretary maintains a consolidated and computerized mailing list with approximately 3000 names. The list contains predominantly business addresses, but perhaps between one-eighth and one-quarter are home addresses. The list includes telephone numbers as well. The Office uses the consolidated list to address press releases and other agency publications.

There is some uncertainty about whether this list qualifies as a system of records. Information is not retrieved by individual identifier except for the maintenance of the list itself. Some agencies have defined comparable mailing lists as systems, and others have not.

The better choice is to establish a system of records for the list. Because these records relate to non-Commission employees, doubts should be resolved in favor of applying the Act fully.
Also, it is likely that the future will bring changes in the methods used for communicating with the Commission's constituency. Mail, fax, email, and online access are likely to be used someday.

A system notice for the mailing list might anticipate change by providing for the possibility that contact information beyond name, address, and telephone number may be collected. This will minimize the need for change in the notice. This system of records requires no routine uses.

Recommendation

Establish a new system of records called Mailing List.

5. Congressional Correspondence Records - The Office of External Relations maintains a filing system of congressional correspondence alphabetized by name of members of Congress. This is a system of records. If the file were solely a repository of outgoing correspondence, it might not qualify. But there is some retrieval of the files by name.

Many other agencies have defined congressional correspondence records as Privacy Act systems of records. These systems typically contain incoming correspondence, agency responses, and internal control documents. If general congressional contact information is stored in the file, then it too should be included in the system notice.

Routine uses for a congressional record system are uncertain. Most of the general routine uses in the Attachment are unnecessary, and some other agencies have few defined routine uses. One likely routine use would authorize transfer of a record to another agency. This situation may arise when the Commission receives a congressional inquiry that should have gone to another agency.
A routine use can authorize transfer of the inquiry to another agency or entity.

Recommendation

Establish a new system of records called Congressional Correspondence Records.

D. Possible Systems of Records

1. Activity Accounting - The Commission's activity accounting program collects, compiles, and prints information by name of employee. This could be defined as a separate system of records. In the alternative, the function could be included within the payroll record system. The Commission has wide discretion in making this choice. The simplest alternative is to make the activity accounting records part of the payroll system. The function should be properly described in the categories of records and purpose sections. The activity accounting records should not require any additional routine uses.

Recommendation

Include activity accounting records within the new Pay, Leave, and Travel Records system notice.

2. Web Page - The Commission's Web page does not currently collect identifiable information and retrieve it by individual identifier. The Internet is a highly changeable environment, and information practices are dynamic. Changes in Web page usage could result in creation of a system of records. This bears watching. As long as no personal information is collected, there is no Privacy Act obligation. It may be advisable, however, to include a privacy notice on the page to explain the data collection and use policies to visitors. This is not a legal requirement, but it has been recommended as a courtesy.

3. Locator/Telephone Records - The Office of Management Services produces the Commission's telephone directory from a separate computer file maintained for that purpose. That file could be a separate system of records. However, since the records have no other uses and are not normally retrieved by identifier, defining the file as a system is optional.
If the same list came from agency personnel records, no separate notice would be required.

4. Administrative Protective Orders - The Office of the Secretary manages Administrative Protective Orders (APO) issued in connection with investigations. Applicants seeking to obtain restricted information pursuant to the Commission's Rules of Practice and Procedure must complete an APO Application Form. The forms are used to create a service list for each case. A copy of the service list is maintained as well in a separate notebook in chronological order by case name. There is no evidence of any actual retrieval of individual records by name or other identifier. As a result, a system of records does not exist. The possible, occasional retrieval of a form filed by a specific individual by a search of the notebook or case files does not alter this conclusion.

If a violation of an APO is alleged, any related files are maintained as part of the main investigation file and not separately or by individual identifier. If a letter of reprimand is issued to an individual because of a violation of an APO, the letter is placed in the case file and not by the name of the individual. The office maintains a separate tickler file to keep track of the dates when these letters are to be expunged. This too does not appear to qualify as a system of records.

If the Commission were required to undertake a large number of investigations for violations of APOs, it is possible that a formal system of records would be needed. However, while there are a large number of APOs, the number of investigations and the number of reprimands is small. This small number of actions allows the Office of the Secretary to manage the functions without a separate filing system. There is no evidence that the present system was established to circumvent Privacy Act requirements.
However, because APO and related records may be used to take adverse actions against individuals, this is a sensitive area. If the filing system changes or if the caseload rises significantly, the need for a formal Privacy Act system should be revisited.

E. Government-Wide Systems

Seven agencies maintain government-wide system of records notices. These include records that the Commission may maintain but that do not necessarily require local system notices. The most "famous" is the Office of Personnel Management system for official personnel files. 20

These system notices are applicable to Commission files without the need for any action or special notice by the Commission. Nevertheless, to make the Commission's Privacy Act notices more descriptive of the types of records maintained on employees, it would be helpful to include a cross reference to them. Some agencies follow this practice.

One way to accomplish this is through an appendix to the Commission's system notices. The appendix might consist of the names of the government-wide systems with this introduction:

        The Commission maintains some personal records covered by government-wide system of records notices published by other agencies. There may not be actual Commission files in all government-wide systems. This list includes all government-wide system notices known as of the publication date, but any later established government-wide system notices may also be applicable.

Recommendation

Include a reference to government-wide systems of records applicable to the Commission in the publication of Privacy Act system of records notices.

F. Accuracy of System Notices: General Observations

1. Common Elements - Three elements in every Commission system notice that can appropriately be identical are the Notification Procedure, Record Access Procedure, and Contesting Record Procedure. There is unnecessary variability in existing system notices.

Specific wording should, of course, be consistent with Commission Privacy Act rules. This report recommends minor changes to the access rules. The language suggested here is consistent with those recommendations.

        Notification Procedure: Individuals wishing to inquire whether this system of records contains information about them should contact the Director, Office of Personnel, United States International Trade Commission, 500 E Street, SW, Washington, DC 20436. The Director of the Office of Personnel is the Commission's Privacy Act Officer.

        Individuals must furnish the following information for their records to be located and identified:

        1. Full name(s).
        2. Date of birth.
        3. Social Security Number (for employees).
        4. Dates of Employment (if applicable).
        5. Signature.

        Record Access Procedure: Individuals wishing to request access to their records should contact the Director, Office of Personnel, United States International Trade Commission, 500 E Street, SW, Washington, DC 20436. The Director of the Office of Personnel is the Commission's Privacy Act Officer.

        Individuals must furnish the following information for their records to be located and identified:

        1. Full name(s).
        2. Date of birth.
        3. Social Security Number (for employees).
        4. Dates of Employment (if applicable).
        5. Signature.

        Individuals requesting access must comply with the Commission's Privacy Act regulations on verification of identity (19 CFR part 201).

        Contesting Record Procedure: Individuals wishing to request amendment of their records should contact the Director, Office of Personnel, United States International Trade Commission, 500 E Street, SW, Washington, DC 20436. The Director of the Office of Personnel is the Commission's Privacy Act Officer.

        Individuals must furnish the following information for their records to be located and identified:

        1. Full name(s).
        2. Date of birth.
        3. Social Security Number (for employees).
        4. Dates of Employment (if applicable).
        5. Signature.

        Individuals requesting amendment must comply with the Commission's Privacy Act regulations on verification of identity (19 CFR part 201).

The system notice for Grievance Records includes in the Record Access Procedures section a useful preface explaining disclosure policies for grievance records. The preface should be retained for that system.

Recommendation

Standardize, to the greatest extent possible, the common elements of system notices in the publication of Privacy Act system of records notices.

2. Structuring Common Routine Uses - Existing systems share a set of routine uses described in an appendix to the system notices. It is common for agencies to list agency-wide system notices in this fashion. The Commission's appendix of common routine uses is, however, ambiguous. The appendix appears in the system notice list before the Inspector General system notice. It is not clear that the appendix applies to that system as well as those listed before the appendix.
In addition, the individual system notices fail to include a specific reference to the routine uses listed in the appendix. The result is some ambiguity in the application of the routine uses to all Commission systems.

The use of a general list of agency routine uses is a good idea. It avoids disparate routine uses for similar purposes. Automatically applying all general routine uses to all systems, however, can create problems and may be unnecessary.

Another way of structuring general routine uses is to create a central list of routine uses applicable to more than one system. Each system notice references appropriate routine uses from the list. A common structure for a central list of routine uses is through a list of "General Routine Uses Applicable to More than One System of Records." This list should appear before the system notices themselves, as the first item in the system of records publication after the table of contents. Each system notice would include as part of the specific routine uses a statement such as: "General Routine Uses A, B, C, & F apply to this system." Additional local routine uses for that system, if any, would follow.

Recommendation

Revise the general routine uses and standardize references to these routine uses in each system notice.

3. Adequacy of Existing Common Routine Uses - Of the six existing common routine uses, the first three are relatively standard ones employed throughout government. Despite the widespread adoption of these routine uses, some rewording is appropriate to meet OMB guidance. See the Attachment for suggested revisions to these routine uses.

The fourth common routine use authorizes disclosures for appeals, complaints, and settlements of personnel actions. This is unobjectionable.
The last sentence authorizes disclosure to the Civil Service Commission in connection with evaluation and oversight of Federal personnel management. This is out of date because the Civil Service Commission is now the Office of Personnel Management. In addition, this should be identified as a separate routine use because it does not relate to the disclosure in the first part of the routine use.

The fifth common routine use authorizes disclosure of records to "officers and employees of a Federal agency for purposes of audit." This may be too broad and too vague to meet the statutory requirement. A court rejected a routine use permitting disclosure to "federal regulatory agencies with investigative units" because it did not provide adequate notice to individuals about how information might be released and for what purpose.

Because the fifth routine use does not define the term audit, it may not be informative enough to provide meaningful notice to individuals. It may also fail to meet the requirement that routine uses be compatible with the purpose for which the information was collected. 25 The notice does not suggest a nexus between the audit and the purpose of collection.

Although the routine use in its present form is questionable, it may still be too limited to accomplish its intended purpose. The routine use only permits disclosure to federal agencies. It would not cover disclosure to private auditors working for the Commission or other federal agencies.

This general routine use is not necessary. The first general routine use broadly supports disclosure to other agencies for investigations of violations or potential violations of law. The Act provides directly for disclosures to the General Accounting Office. 26

The sixth common routine use permits disclosure to the General Services Administration in connection with administrative services provided by GSA under agreement. These services are now performed by another government agency. This problem can be addressed by making the general routine use more generic.

The Attachment contains a list of suggested general routine uses that might be adopted by the Commission.

4. Internal Routine Uses - Some existing and proposed routine uses authorize disclosure to Commission employees. This is unnecessary and should not be done through a routine use. The Privacy Act authorizes disclosures to officers and employees of the agency maintaining the record who have a need for the record in the performance of their duties. The Commission's General Counsel, Inspector General, and all other agency officials can obtain needed information under this statutory authorization. If a routine use purports to establish a standard for access less stringent than that in the Act, the routine use is improper.

5. Descriptions of Policies and Practices - Each system notice contains specific descriptions of basic records management policies. Many of these descriptions are out-of-date because of the passage of time and changes in technology. The descriptions should be updated by the system managers, keeping in mind these considerations:

Storage: Technologies used for record storage continue to evolve. Describing storage media with too much precision will only make system notices unnecessarily obsolete.
At the same time, there is a clear obligation to describe the media used in order to inform the reader. The nature of the storage medium provides information about the vulnerability of the data to misuse.

In all cases, it will be useful to state whether information is stored on paper or in file folders, in computer media (without necessarily distinguishing between floppy disk, hard disk, tape, etc.), on other media (microform or CD-ROM), or in an online environment. It would also be appropriate to state if records exist on an internal network, are accessible externally or are otherwise shared electronically.

Retrievability: This is the key characteristic that makes a collection of records into a formal Privacy Act system of records. A brief description of how records are retrieved (by name, SSN, etc.) is appropriate.

Safeguards: The general security requirement of the Privacy Act calls for appropriate safeguards. Because almost all Commission records pertain to Commission employees, major threats to security are internal. This is not to diminish the importance of proper security. Misuse of records by insiders is a major threat for almost all personal records. The gossip value of personnel and other records should not be dismissed lightly.

All physical records stored at Commission headquarters are in an environment that generally restricts public access to the offices maintaining the records. This should be noted in each system notice. Additional security measures (e.g., locked or lockable filing cabinets, locked rooms, restricted areas, password protected) for specific systems should also be described accurately.
As more records move into the online environment, the Commission should make sure that only those employees who require access to the records can see them, and these measures should be generally described in the relevant system notices.

Each system may have different safeguards and may require slightly different descriptions. As a model, a suggestion for the Inspector General records is offered:

        All Commission records are maintained in a building with restricted public access. The records in this system are kept in a limited access area within the building. The files are maintained in secure file cabinets, and access is limited to persons whose official duties require access.

Retention and disposal: Some proposed system notices refer to records disposal schedules. This is a useful way of addressing the requirement to describe policies for retention, although it is not required by the Act. The goal of the law is to inform the reader how long the records remain at the agency or in other storage. Disposal of unnecessary records offers a significant privacy protection.

When system notices refer to records disposal schedules, some basic details should be included. The general comment that records will be retained and disposed of in accordance with applicable disposal schedules conveys no actual information. Similarly, a reference to a specific disposal schedule by number conveys little information. An interested reader must seek elsewhere to obtain a copy of the generally obscure disposal schedule. The best result is to state directly how long records are maintained.
An additional reference to a disposal schedule is helpful and would encourage compliance with applicable disposal rules.

Access Controls - The statutory requirement for describing policies and practices specifically mentions "access controls" as an element that should be described. The 1975 OMB guidelines describe this as the measures that have been taken to prevent unauthorized disclosure and what categories of individuals within the agency have access.

There is no specific category for access controls in existing notices. This is not necessarily a defect. Many agencies do not include a section for access controls. The subject can be handled through a description included under the Safeguards section of the notice.

G. Accuracy of System Notice - Specific Comments

For all existing system notices, the current address for the Commission should be included. Only the Inspector General system includes the correct Commission address.

For all existing system notices, the legal authority for maintenance of the system may need to be updated with references to current law.

For all existing system notices, the descriptions of categories of individuals, categories of records, policies and practices, and record source categories should be rechecked. Specific problems are described below.

1. Employment and Financial Disclosure Records - If this system is eliminated as recommended, then the system notice does not need to be corrected or updated. If retained, the existing routine uses must be revised because they are unclear, out-of-date, and unnecessary.

2. Budgetary and Payroll-Related Records - The system location description should state that payroll records are also stored on a computer system operated by the Department of the Interior as well as by the Commission.

The description of categories of records is out-of-date.
Some specific types of records referenced in the notice no longer exist. The current description is admirably specific but more detailed than necessary. A generic description of the information maintained rather than the specific ways in which the records are organized would be appropriate and less likely to become obsolete. This example from OPM/INTERNAL-5 covering Pay, Leave, and Travel Records offers one model:

        This system contains various records relating to pay, leave, and travel. This includes information such as: Name; date of birth; Social Security Number; home address; grade; employing organization; timekeeper number; salary; pay plan; number of hours worked; leave accrual rate, usage, and balances; Civil Service Retirement and Federal Retirement System contributions; FICA withholdings; Federal, State, and local tax withholdings; Federal Employee's Group Life Insurance withholdings; Federal Employee's Health Benefits withholdings; charitable deductions; allotments to financial organizations; garnishment documents; savings bonds allotments; union and management association dues withholding allotments; travel expenses; and information on the leave transfer program and fare subsidy program.

If any specific element is inappropriate (e.g., fare subsidy program) then it should be dropped. If other elements are part of this system (e.g., activity reporting records), then these elements should be added.

The authority for maintenance of the system could be improved. A reference to an entire title of United States Code as authority is unnecessarily vague. The specificity of the OPM notice for a comparable system of records is noteworthy and may offer a useful guide:

        31 U.S.C. 66a; 5 U.S.C. 5501 et seq., 5525 et seq., 5701 et seq., and 6301 et seq.; Executive Order 9397; Pub. L. 100-202, Pub. L. 100-440, and Pub. L. 101-509.

The proposed revision of the system notices adds a purpose section. This is a highly advisable improvement. The proposed statement of purpose might be useful in this form:

        The Commission uses the records to administer pay, leave, and travel requirements and to prepare the budget.

The routine use section should be revised. Suggested routine uses are:

        The records in this system of records are transmitted electronically by the Commission to the Denver Administrative Services Center, U.S. Bureau of Reclamation, U.S. Department of Interior, which provides payroll services. The USITC, and the Department of Interior acting on behalf of the USITC, may make the following routine uses:

        a. General Routine Uses A, B, C, D, E, F, G, H, I, and J;

        b. To the Department of the Treasury to issue checks and U.S. Savings Bonds;

        c. To the Office of Personnel Management for retirement, health and life insurance purposes, and to carry out OPM's government-wide personnel management functions;

        d. To the National Finance Center, Department of Agriculture, for the Thrift Savings Plan and Temporary Continuation of Coverage;

        e. To the Social Security Administration for reporting wage data in compliance with the Federal Insurance Compensation Act;

        f. To the Internal Revenue Service and to State and local tax authorities for tax purposes, including reporting of withholding, audits, inspections, investigations, and similar tax activities;

        g. To officials of labor organizations recognized under 5 U.S.C. Chapter 71 for the purpose of identifying USITC employees contributing union dues each pay period and the amount of dues withheld.

The storage description in the revised system notice is out-of-date.

The retrievability description should refer only to name and social security number. Dates are not identifiers under the Privacy Act.

The retention and disposal description is too general. The reference to record disposal schedules without the actual preservation time conveys no useful information to the reader.

The record source categories description might be modified to read:

        Information in this system of records comes from the individual to whom the record pertains, Commission officials responsible for pay, leave, and travel requirements, and official personnel documents.

3. Time and Attendance Records - If this system is consolidated with the payroll system, the notice will be eliminated.

4. Grievance Records - The revised notice for this system is generally correct. The routine uses should refer to all general routine uses except D. Proposed routine use 5 (to officials of labor organizations) may be unnecessary if these disclosures can be made with the consent of the record subject. The general routine uses cover other necessary disclosures.

5. OIG Investigative Files General and Criminal - As discussed above, this system should be published as two separate systems of records. Much of the description in the two systems will be similar or identical. However, the categories of individuals description should not include a reference to Commission offices and subdivisions. The Privacy Act applies only to individuals and not to legal persons.

The preamble to the routine use section should be dropped.
It is unclear that the Inspector General can or should seek assurances that recipients of information must comply with Privacy Act safeguards. This language could cause unnecessary liability if a recipient misuses data. The Act's requirements for contractors should be followed when appropriate, but there is no need to include a broader statement of responsibility in the routine uses.

In place of the specific routine uses, the notice should include a reference to all general routine uses. There is no need for a routine use covering disclosure to the General Counsel of the Commission (proposed routine use 9). The Privacy Act authorizes necessary internal disclosures.

The proposed routine use does not include a purpose section. This should be added to conform with other system notices.

The description of storage policy should be made more generic by referring to computer media rather than computer disks.

6. Telephone Call Detail Records - This is a proposed system notice for a newly defined system of records. The categories of individuals and categories of records descriptions make no reference to the collection of information about local calls. This is accurate since that information is not currently collected. If there is a reasonable prospect that this information might be collected and maintained in the future, the descriptions might be made more generic to include local calls. This would avoid the need for a possible future change in the notice.

The routine uses for this system should incorporate all of the general routine uses except D and J. The first proposed routine use (to a telecommunications carrier) is unnecessary since general routine use H covers contractors.
The second routine use (to the Internal Revenue Service) is appropriate, but it might be revised to refer to "other federal agencies or federal contractors with statutory authority to assist in the collection of Commission debts." This will cover the possibility that debt collection functions now conducted by the IRS might be shifted elsewhere. The proposed routine use to the Inspector General is unnecessary.

The storage description appears incomplete. Some information is collected on computer tape, and a more general description of the media may be needed.

The retention and disposal description is not sufficiently detailed. It should indicate the approximate length of time that the records will be kept.

7. Security Key Use Records - If this newly proposed system is expanded to include physical security records, as suggested above, then the system notice will need to be rewritten and expanded. Appropriate general routine uses for this system are all except D and J. No other routine uses may be needed.

Recommendation

Reexamine and revise each system notice to reflect current conditions and to correct identified deficiencies.

III. Other Privacy Act Requirements

A. Privacy Act Rules

The Commission's Privacy Act rules appear at 19 CFR §201.22-.32 (1995). The rules were originally promulgated in 1975, shortly after the effective date of the Act.[32] A 1990 amendment added exemptions for systems of records maintained by the Inspector General.[33] There are some problems with the existing rules:

• The rules include the former address of the Commission at 701 E Street.
The address needs to be updated.

• The rules contemplate that any individual seeking access to his or her records must make an appointment with the Director of Personnel to inspect the records. Alternatively, the Director may provide the individual with a copy of the record by certified mail.[35]

The Act clearly provides that an individual may review and have a copy made of all records about himself or herself. The rules should be revised to clarify that a requester has a right to have a copy of a record and to explain more clearly the procedure for obtaining that copy without a personal visit. There is no evidence that this minor deficiency in the rules has adversely affected any actual request.

• The rules provide that fees for copying of records shall be at the rate of ten cents per page. There is no charge unless the total amount exceeds fifty cents.

Under the Freedom of Information Act, no fees may be charged for the first 100 pages of duplication or where the costs of routine collection and processing of the fee are likely to equal or exceed the amount of the fee.[38] While the FOIA fee standards are not directly applicable to Privacy Act requests, it is common for first-party requests for records to be treated as if the request was made under both laws and for the requester to be charged only the most favorable fees permitted under either law. At a minimum, it would be appropriate for the Commission to conform its Privacy Act fees to the FOIA standards.

An agency need not charge copying fees at all under the Privacy Act, and the Commission may wish to consider not charging for routine requests. The cost of accounting for occasional payments is likely to exceed the cost of processing.
Since most Commission records pertain to its employees, a useful policy might be to allow each employee a free copy of his or her personnel file once a year and whenever a change is made.

• There are exemptions in the rules for some systems of records. The exemptions for the Inspector General systems were properly claimed.

The remaining three exemptions are not properly claimed. The Act requires that exemptions be applied to identifiable systems of records. Subsection (a) of the rules invokes an exemption for classified records, but it fails to apply the exemption to a specific system of records. No existing systems appear to contain classified information. As a result, this claim of exemption is both improper and unnecessary.

Subsection (b) of the Commission's rules invokes an exemption for statistical records. Here too, there is no specific system referenced, and no defined system appears to include statistical records. As a result, this claim of exemption is both improper and unnecessary.

Subsection (c) invokes the exemption for investigatory material compiled for determining suitability for employment, federal contracts, and other purposes. The rules apply the exemption to "[p]ersonnel investigations records in the custody of the Security Officer." No specific system is identified, and no existing system appears to include these records. There is a government-wide system of records (OPM/GOVT-5 Recruiting, Examining, and Placement Records) that covers this category of records that already has an exemption. As a result, the exemption claim is both improper and unnecessary.

Recommendation

Revise the Commission's Privacy Act rules.

B. Accounting

The Privacy Act requires that agencies maintain an accounting of the date, nature, and purpose of most external disclosures of records.
The name and address of the person or agency receiving the records must also be recorded. No accounting is required for internal disclosures or for disclosures under the Freedom of Information Act. The law does not require maintenance of a specific record, notation, or log of each disclosure. It is sufficient if an agency can reconstruct the accounting from available information when requested.

Only some Commission personnel are aware of the law's accounting requirement. No one reported the maintenance of any specific accounting records. However, it also appears that the routine conduct of agency business either generates records of disclosures or otherwise permits the reconstruction of the accounting for a specific record. The current practices appear sufficient to meet the law's requirement.

When new systems of records are established or existing systems are changed, system managers should consider how the Act's accounting requirement can be fulfilled. As more records become digital, extra care should be taken to make sure that the required accounting for external disclosures can be reconstructed routinely.

C. Forms

The Privacy Act requires that an agency disclose certain information to individuals asked to provide personal data. The Privacy Act notice must appear on the form or on a separate piece of paper.[43] While the Commission staffer responsible for forms automation was aware of this requirement, most other personnel were not. A review of the agency forms list confirmed that no notice appears necessary. However, the list does not reflect all forms in use at the Commission.

Several Commission forms require disclosure of personal information without providing the necessary Privacy Act notice.
There is no systematic way to identify these forms, but I was able to find forms that require notices.

• Application--Parking Space (Office of Management Services, USITC # 11) - This form calls for a variety of personal information, including home address, and vehicle identification information. This clearly requires a Privacy Act notice. The form itself, however, contains a questionable applicant certification.[45]

• Office of the Secretary Mailing List Form (no title or number) - This form calls for disclosure of the requester's name, address, and telephone number. There should be a Privacy Act notice on the form. In addition, the Office of the Secretary issues a yearly renewal notice asking for confirmation and updating of the same information from requesters. A Privacy Act notice should be added to this form as well.

• Official Travel Authorization (ITC Form 005) - This basic travel authorization form becomes part of the payroll system of records (which contains travel documentation). It requires a Privacy Act Notice. Other travel forms in use include Exceptions to the Use of Contract Carriers (ITC Form 125), Justification for Premium Class Travel (ITC Form 349), Justification for Use of a Foreign Flag Air Carrier (no number), and Justification for Actual Subsistence Travel (ITC Form 350). These forms also need Privacy Act notices.

• Designation of Employee Check (Office of Finance and Budget, ITC Form 351) - This form asks departing employees to disclose social security number and home address. It requires a Privacy Act notice. Presumably, the information is maintained as part of the payroll system of records.

• Security Sign-In Form - Visitors to the building must sign in at the front security desk. A Privacy Act notice should be provided.
Since printing the notice on the form itself would be cumbersome, the requirement can be met by printing the notice on a separate piece of paper and posting a sign that the notice is available upon request.

Recommendation

Add a Privacy Act notice to Commission forms as required by the law.

D. Computer Matching

The Privacy Act imposes requirements on agencies that conduct computer matching or that provide data for other agencies to use for computer matching. I found no evidence that the Commission engages in matching activities as either a source or recipient agency. As a result, the Commission has no current computer matching obligations under the Act.

Personnel information routinely provided to the Office of Personnel Management is used in matching, but OPM is the source agency and complies with the requirements of the Act. The Commission also shares payroll and personnel information with its payroll contractor, the Department of Interior. I found no reason to believe that the Department was using Commission data for computer matching purposes. However, if the Department in its role as contractor for other agencies begins to provide data for matching purposes, the Commission may be obliged to create a Data Integrity Board and enter into matching agreements.[47] It might be advisable for the Commission to expressly tell the Department to seek advance approval from the Commission before using personnel data for computer matching.

E. Reporting and Reviewing Requirements

OMB Circular A-130 on the Management of Federal Information Resources lists many reporting and reviewing requirements for agencies subject to the Privacy Act.
Agencies must conduct regular reviews of contracts (every two years), recordkeeping practices (every two years), routine uses (every four years), exemptions (every four years), matching programs (annually), training (every two years), violations (every two years), and system notices (every two years). None of these reviews had been conducted. The annual review for matching programs is not applicable to the Commission because there are no matching activities.

Agencies must also provide several different Privacy Act reports. These include the Privacy Act report to OMB (every two years), matching activity report (every two years), new system of records report (when needed), altered system of record report (when needed), and four different types of matching reports. The Commission has had no obligation to file any matching report.

The Commission has complied with other reporting requirements. Reports were filed with the Congress and OMB for the only new system of records adopted in the last twenty years. The Commission also published required Federal Register notices. While the Commission has not kept its Privacy Act system notices up to date, the procedural requirements for adopting new systems were followed correctly.

F. Personnel Familiarity with the Privacy Act

Senior Commission staff interviewed for this audit showed limited awareness of the Privacy Act and its requirements. This is not unusual for an agency that conducts no official activities with individuals and that engages in little routine Privacy Act business. Until several years ago, the Commission never received a Privacy Act request for access.

The Commission's Privacy Act Officer is the Director of Personnel. Based on existing policy, he has limited responsibilities.
He serves as the public point of contact for Privacy Act matters and as internal coordinator of Privacy Act requests. In addition, the Privacy Act Officer responds to occasional data calls from the Office of Management and Budget. These functions have been carried out adequately.

The Commission has not assigned responsibility for reviewing system notices and forms, for reminding other staff about Privacy Act obligations for new systems of records, or for investigating complaints. The Commission certainly does not require a full-time Privacy Act Officer to carry out these functions. However, there is a need for someone to undertake general responsibility for overseeing the system notice and form requirements of the Act and for investigating identified problems.

Given the limited number of Privacy Act systems of records maintained by the Commission, an occasional review of compliance is appropriate. One way to accomplish this is to rely upon the biennial data call from the Office of Management and Budget as a prompt. Every two years when OMB asks for Privacy Act reporting information, the Privacy Act Officer should send a copy of each existing system notice to each system manager and ask for a review of the currency of the notice. Any necessary changes can be made then.

This process will help to assure that system notices do not languish another twenty years without updating. If new systems of records are created in the interim (or if there are major changes in existing systems), the notices should be updated more frequently. New routine uses will also require prompt attention. For minor changes, however, revision of system notices every two years is sufficient. A biennial review would also meet all of the review requirements in OMB Circular A-130.
Most of the review requirements are biennial. Those required every four years could be conducted easily and quickly biennially.

In addition, Commission staff with responsibility for designing or controlling forms should be alerted to the general requirements of the Privacy Act relating to the creation of forms. They should serve as an early warning system when new forms create Privacy Act obligations. Similarly, Commission staff responsible for designing and maintaining computer systems should be aware of what constitutes a system of records so that they can alert the Privacy Act Officer when possible new systems are created. They should be notified of these general oversight responsibilities immediately and again once every two years.

The Privacy Act imposes a variety of obligations on federal agencies. Once basic compliance is reestablished, it will take little effort to keep current.

Recommendation

Set forth the duties of the Privacy Act Officer to oversee and coordinate the Commission's implementation of the Act, including reviewing existing system notices every two years when the Office of Management and Budget collects information for the Privacy Act report to Congress, and investigating Privacy Act complaints and known or suspected deficiencies.

G. Vulnerability Assessment for Litigation

This report documents that the Commission is not in compliance with several requirements of the Privacy Act. The Act includes a criminal penalty for willfully maintaining a system of records without meeting the notice requirement. Any potential violation of this section would have to satisfy the willful test, and this is unlikely. Many other agencies (including OMB!)
are also in technical violation of the publication requirements of the Act. In any event, there has never been a prosecution under this section. The crime is a misdemeanor.

The Privacy Act provides civil remedies that could result in liability. Most Privacy Act litigation is over denial of access or correction or improper disclosures. Suits may also be brought for failure to maintain records with accuracy, relevance, timeliness, or completeness as is necessary to assure fairness. Finally, suits may be brought for any other violation.

In theory, the Commission's failure to have system of records notices for all systems or accurate notices for existing systems could give rise to liability. Given the actual deficiencies found, however, it seems unlikely that any individual could successfully demonstrate the adverse effect that is an essential requirement of a lawsuit. This is also likely to be true for failure to include notices on forms. Unauthorized disclosures provide other grounds for liability, but the adverse effect threshold is hard to overcome in most cases.

It is unlikely that the Commission would be held civilly or criminally liable for most of its failures to comply with Privacy Act requirements. Potential liability can be avoided altogether by updating and republishing Privacy Act system notices and by putting proper notices on forms.

IV. Summary of Recommendations

We recommend that the Director of Administration, in his capacity as chairman of the group formed to undertake a review to determine where Privacy Act administration should be assigned, notify (1) group members of the need to continue working on implementation of the recommendations; and (2) the Privacy Act Officer, when one is designated, of his or her responsibility to respond to the following recommendations:

   Eliminate the Employment and Financial Disclosure Records system notice.

   Merge the Budgetary and Payroll-Related Records with the Time and Attendance Records and establish a new system called Pay, Leave, and Travel Records.

   Publish separate system notices to clarify that OIG files are maintained in two distinct systems.

   Establish a Security Access Information system notice covering both electronic and physical security records.

   Amend the security contract to include the standard Privacy Act clause when the contract is next renewed.

   Establish a new system of records called Personnel Security Investigative Files as an exempt system.

   Establish a new system of records called Library Circulation Records.

   Establish a new system of records called Parking Records.

   Establish a new system of records called Mailing List.

   Establish a new system of records called Congressional Correspondence Records.

   Include activity accounting records within the new Pay, Leave, and Travel Records system notice.

   Include a reference to government-wide systems of records applicable to the Commission in the publication of Privacy Act system of records notices.

   Standardize, to the greatest extent possible, the common elements of system notices in the publication of Privacy Act system of records notices.

   Revise the general routine uses and standardize references to these routine uses in each system notice.

   Reexamine and revise each system notice to reflect current conditions and to correct identified deficiencies.

   Revise the Commission's Privacy Act rules.

   Add a Privacy Act notice to Commission forms as required by the law.

   Set forth the duties of the Privacy Act Officer to oversee and coordinate the Commission's implementation of the Act, including reviewing existing system notices every two years when the Office of Management and Budget collects information for the Privacy Act report to Congress, and investigating Privacy Act complaints and known or suspected deficiencies.

The Privacy Act Officer will need to coordinate with the appropriate Commission officials to implement the above recommendations, and some actions will require approval by the Commission.

Attachment

Suggested Common Routine Uses

General Routine Uses Applicable to More than One System of Records

A. Disclosure for Law Enforcement Purposes

Information may be disclosed to the appropriate Federal, State, local, or foreign agency responsible for investigating, prosecuting, enforcing, or implementing a statute, rule, regulation, or order, if the information indicates a violation or potential violation of civil or criminal law or regulation within the jurisdiction of the receiving entity.

B. Disclosure Incident to Requesting Information

Information may be disclosed to any source from which additional information is requested (to the extent necessary to identify the individual, inform the source of the purpose(s) of the request, and to identify the type of information requested), when necessary to obtain information relevant to an agency decision concerning retention of an employee or other personnel action (other than hiring), retention of a security clearance, the letting of a contract, or the issuance or retention of a grant, or other benefit.

C. Disclosure to Requesting Agency

Disclosure may be made to a Federal, State, local, foreign, or tribal or other public authority of the fact that this system of records contains information relevant to the retention of an employee, the retention of a security clearance, the letting of a contract, or the issuance or retention of a license, grant, or other benefit. The other agency or licensing organization may then make a request supported by the written consent of the individual for the entire record if it so chooses. No disclosure will be made unless the information has been determined to be sufficiently reliable to support a referral to another office within the agency or to another Federal agency for criminal, civil, administrative, personnel, or regulatory action.

D. Disclosure to Office of Management and Budget

Information may be disclosed to the Office of Management and Budget at any stage in the legislative coordination and clearance process in connection with private relief legislation as set forth in OMB Circular No. A-19.

E. Disclosure to Congressional Offices

Information may be disclosed to a congressional office from the record of an individual in response to an inquiry from the congressional office made at the request of the individual.

F. Disclosure to Department of Justice

Information may be disclosed to the Department of Justice, or in a proceeding before a court, adjudicative body, or other administrative body before which the Commission is authorized to appear, when:

   1. The Commission, or any component thereof; or
   2. Any employee of the Commission in his or her official capacity; or
   3. Any employee of the Commission in his or her individual capacity where the Department of Justice or the Commission has agreed to represent the employee; or
   4. The United States, when the Commission determines that litigation is likely to affect the Commission or any of its components

is a party to litigation or has an interest in such litigation, and the use of such records by the Department of Justice or the Commission is deemed by the Commission to be relevant and necessary to the litigation provided, however, that in each case it has been determined that the disclosure is compatible with the purpose for which the records were collected.

G. Disclosure to the National Archives

Information may be disclosed to the National Archives and Records Administration in records management inspections.

H. Disclosure to Contractors, Grantees, etc.

Information may be disclosed to contractors, grantees, consultants, or volunteers performing or working on a contract, service, grant, cooperative agreement, job, or other activity for the Commission and who have a need to have access to the information in the performance of their duties or activities for the Commission. This includes federal agencies providing payroll, management, or administrative services to the Commission. When appropriate, recipients will be required to comply with the requirements of the Privacy Act of 1974 as provided in 5 U.S.C. §552a(m).

I. Disclosures for Administrative Claims, Complaints and Appeals

Information from this system of records may be disclosed to an authorized appeal grievance examiner, formal complaints examiner, equal employment opportunity investigator, arbitrator or other person properly engaged in investigation or settlement of an administrative grievance, complaint, claim, or appeal filed by an employee, but only to the extent that the information is relevant and necessary to the proceeding. Agencies that may obtain information under this routine use include, but are not limited to, the Office of Personnel Management, Office of Special Counsel, Merit Systems Protection Board, Federal Labor Relations Authority, Equal Employment Opportunity Commission, and Office of Government Ethics.

J. Disclosure to the Office of Personnel Management

Information from this system of records may be disclosed to the Office of Personnel Management pursuant to that agency's responsibility for evaluation and oversight of Federal personnel management.

K. Disclosure in Connection with Litigation

Information from this system of records may be disclosed in connection with litigation or settlement discussions regarding claims by or against the Commission, including public filing with a court, to the extent that disclosure of the information is relevant and necessary to the litigation or discussions and except where court orders are otherwise required under section (b)(11) of the Privacy Act of 1974, 5 U.S.C. §552a(b)(11).

*****

Another type of disclosure must be provided for in some Commission systems, but it cannot be accomplished through a routine use. Disclosures of information to consumer reporting agencies pursuant to debt collection laws must be provided for in system notices as appropriate.
This cannot be accomplished in a general fashion. Following the routine use section for each applicable system, this section should be included:

   Disclosure to Consumer Reporting Agencies: Information from this system of records may be disclosed to a consumer reporting agency as provided in 31 U.S.C. §3711.

This disclosure authorization section should be included in the system notice for Pay, Leave, and Travel Records. The same notice should be added to any other Commission system likely to give rise to claims by the government.

Notes on the Litigation Routine Use

The Privacy Act provides directly for disclosures of records pursuant to the order of a court of competent jurisdiction.[52] This provision has a troubled implementation history, with a good deal of litigation over its meaning. As a result, it is difficult to be definitive about the best way to address disclosures incident to litigation.

Some things are clear. Disclosures can be made when there is a court order signed by a judge. A grand jury subpoena (which is not signed by a judge) does not qualify. A court order signed by the court clerk does not qualify. A routine discovery request from opposing counsel is not a court order unless signed by a judge.

Some agencies tried to avoid these limitations by promulgating routine uses covering these types of disclosures. These routine uses were struck down when challenged. While agencies have considerable discretion in establishing routine uses, they may not promulgate a routine use that would evade or weaken the statutory conditions of disclosure such as (b)(11).
Many objectionable routine uses remain in place because they have never been challenged by litigants or revised by the agencies.

Other uncertainties arise when disclosures are incident to administrative adjudications. The (b)(11) limitation on disclosure does not appear to apply at the administrative level, although this is not entirely free from doubt. Still, the Act clearly contemplates interagency transfers of files through routine use, and it would be troublesome and convoluted to conclude that all administrative adjudications require court orders.

Also, if settlement of a claim is being negotiated before the actual filing of litigation, it appears that necessary disclosures can be accomplished through a routine use. No court order can be obtained without the formal filing of a lawsuit so there would be no other way to make these disclosures that may be necessary to protect important government interests.

Routine use 7 proposed for the Inspector General record system, which addressed litigation disclosures, is too broad. There are many existing litigation routine uses of other agencies that are also too broad. While many routine uses can be "validated" by reference to the practice of other agencies, this area is too changeable to rely heavily on other Privacy Act system notices. General Routine Use K for disclosure in connection with litigation can substitute for the proposed Inspector General litigation routine use.

For some litigation-related disclosures, routine uses are unnecessary. For any case before a court, parties seeking Privacy Act information can and must seek a court order to support the disclosure.
Where the attorney for the other side represents the individual who
is the subject of a file, that individual's file can be disclosed with consent.

       Disclosure of records to the Justice Department when it is representing the Commission
in litigation is permissible through a routine use. Proposed General Routine Use F covers this
category of disclosures. A routine use is needed to permit the nonconsensual public filing of
Privacy Act records with a court. Proposed routine use K covers this category of disclosure.

       There may be circumstances in which opposing counsel seeks (or the Commission may
wish to disclose) Privacy Act records of individuals who are not parties to the lawsuit. For
example, there could be a demand for the disclosure of all personnel files in a particular office
to adjudicate or resolve a claim of discrimination. The proposed general litigation routine use
protects the ability of the Commission to make any litigation-related disclosures that can be
lawfully made through a routine use. All actual disclosures under this authority will require
case-by-case review to make sure that the routine use disclosure does not usurp authority
reserved to the court under section (b)(11). Whenever possible, non-identifiable or encrypted
information may serve the purpose without raising any privacy concerns.

                                             Notes

1. 5 U.S.C. §552a (1994).

2. Id. at §552a(b).

3. Id. at §§552a(a)(7) & (b)(3).

4. Id. at §552a(c).

5. Id. at §552a(d).

6. Id. at §552a(e)(3).

7. Id. at §552a(e)(4).

8. Id. at §552a(t).

9. Id. at §552a(o) & (u).

10. The draft revision of Commission Privacy Act notices reviewed for this audit was dated 3/25/96.

11. 40 Federal Register 28952 (July 9, 1975).

12. OGE/GOVT-1 - Public Financial Disclosure Reports; OGE/GOVT-2 - Confidential Statements of
Employment and Financial Interests.

13. See 61 Federal Register 25239 (May 20, 1996).

14. The criminal investigatory records are exempt under a general exemption, 5 U.S.C. §552a(j)(2) (1994). The
general investigatory records are exempt under specific exemptions, 5 U.S.C. §552a(k)(2) (1994). The Commission rules
claiming these records already properly treat the Inspector General records as two separate systems.

15. Beneke v. Department of Commerce, No. 95-5195 (D.C. Cir., May 17, 1996).

16. Whether sign-in sheets are records within the purview of the Privacy Act is not without doubt. In American
Federation of Government Employees v. NASA, 482 F. Supp. 281 (S.D. Tex. 1980), the court held that a daily
employee time sheet was not a record that the Congress intended to cover by the Privacy Act. That
result is controversial and may not cover the sign-in records at issue here. In the case, the records covered
employees only. The Commission's records cover mostly visitors to the Commission's offices, but some
employees may be included as well.

17. 5 U.S.C. §552a(k) (1994) ("The head of any agency may promulgate rules . . . to exempt any system of
records within the agency . . .").

18. See Gellman, "Action for Privacy Can Force Cookies to Crumble", Government Computer News 35 (May 27,
1996).

19. The last publication of a complete list of these notices was at 56 Federal Register 28178 (June 19, 1991).

20. The government-wide systems are:

         • EEOC/GOVT-1 - Equal Employment Opportunity in the Federal Government Complaint and Appeal
           Records
         • FEMA/GOVT-1 - National Defense Executive Reserve System
         • GSA/GOVT-2 - Employment Under Commercial Activities Contracts
         • GSA/GOVT-3 - Travel Charge Card Program
         • GSA/GOVT-4 - Contracted Travel Service Program
         • DOL/ESA-13 - Employment Standards Administration, Office of Workers' Compensation Programs,
           Federal Employees Compensation Act File
         • DOL/ETA-14 - Employment Training Administration (ETA) Job Corpsman Records
         • MSPB/GOVT-1 - Appeal and Case Records
         • OGE/GOVT-1 - Executive Branch Public Financial Disclosure Reports and Other Ethics Program
           Records
         • OGE/GOVT-2 - Confidential Statements of Employment & Financial Interests
         • OPM/GOVT-1 - General Personnel Records
         • OPM/GOVT-2 - Employee Performance File System Records
         • OPM/GOVT-3 - Records of Adverse Actions and Actions Based on Unacceptable Performance
         • OPM/GOVT-5 - Recruiting, Examining, and Placement Records
         • OPM/GOVT-6 - Personnel Research and Test Validation Records
         • OPM/GOVT-7 - Applicant -- Race, Sex, National Origin and Disability Status Records
         • OPM/GOVT-9 - File on Position Classification Appeals, Job Grading Appeals, and Retained Grade or
           Pay Appeals
         • OPM/GOVT-10 - Employee Medical File System Records

21. See 5 Privacy Act Issuances 85-89 (1991). On the 1993 CD-ROM version of Privacy Act Issuances, the
appendix is appropriately included after all of the system notices.

22. The text of these routine uses is:

         • In the event that a system of records maintained by this agency to carry out its functions indicates a
         violation of law, whether civil, criminal or regulatory in nature, and whether arising by general statute or
         particular program statute, or by regulation, rule or order issued pursuant thereto, the relevant records in
         the system of records may be referred, as a "routine use," to the appropriate agency, whether Federal,
         State, local or foreign, charged with the responsibility of investigating or prosecuting such violation or
         charged with enforcing or implementing the statute, or rule, regulation or order issued pursuant thereto.

         • A record from this system of records may be disclosed as a "routine use" to a Federal, State or local
         agency maintaining civil, criminal or other pertinent information, such as current licenses, if necessary,
         to obtain information relevant to an agency decision concerning the hiring or retention of any employee,
         the issuance of a security clearance, the letting of a contract or the issuance of a license, grant or other
         benefit.

         • A record from this system of records may be disclosed to a Federal agency, in response to its request,
         in connection with the hiring or retention of an employee, the letting of a contract, or the issuance of a
         license, grant or other benefit by the requesting agency, to the extent that the information is relevant and
         necessary to the requesting agency's decision in the matter.

23. The text of the routine use is:

         • A record from this system of records may be disclosed to an authorized appeal grievance examiner,
         formal complaints examiner, equal employment opportunity investigator, arbitrator or other duly
         authorized official engaged in investigation or settlement of a grievance, complaint, or appeal filed by an
         employee. A record from this system of records may be disclosed to the United States Civil Service
         Commission in accordance with the agency's responsibility for evaluation and oversight of Federal
         personnel management.

24. Britt v. Naval Investigative Service, 886 F.2d 544 (3rd Cir. 1989).

25. 5 U.S.C. §552a(b)(3) (1994).

26. Id. at §552a(b)(10).

27. The text of the routine use is:

         A record from this system of records may be disclosed to officers and employees of the General Services
         Administration in connection with administrative services provided to this agency under agreement with
         GSA.

28. 5 U.S.C. §552a(b)(1) (1994).

29. Id. at §552a(e)(10) ("establish appropriate administrative, technical, and physical safeguards to insure the
security and confidentiality of records and to protect against any anticipated threats or hazards to their security or
integrity which could result in substantial harm, embarrassment, inconvenience, or unfairness to any individual on
whom information is maintained.").

30. Id. at §552a(e)(4)(E).

31. 40 Federal Register 28964 (July 9, 1975).

32. 40 Federal Register 47976 (October 10, 1975).

33. 55 Federal Register 40379 (October 3, 1990).

34. 19 CFR §201.25 (1995).

35. Id. at §201.25(d).

36. 5 U.S.C. §552a(d)(1).

37. Id. at §552(a)(4)(A)(iv)(II).

38. Id. at §552(a)(4)(A)(iv)(I) (1994).

39. 19 CFR §201.32 (1995).

40. 5 U.S.C. §552a(c) (1994).

41. See OMB Privacy Act Guidelines, 40 Federal Register 28956 (July 9, 1975).

42. Subsection (e)(3) provides that each agency shall --

         (3) inform each individual whom it asks to supply information, on the form which it uses to collect the
         information or on a separate form that can be retained by the individual --
                  (A) the authority (whether granted by statute, or by executive order of the President) which
                  authorizes the solicitation of the information and whether disclosure of such information is mandatory or
                  voluntary;
                  (B) the principal purpose or purposes for which the information is intended to be used;
                  (C) the routine uses which may be made of the information, as published pursuant to paragraph
                  (4)(D) of this subsection; and
                  (D) the effects on him, if any, of not providing all or any part of the requested information.

5 U.S.C. §552a(e)(3) (1994).

43. There is case law holding that the notice must be specific in describing the routine uses that apply to the
system of records for which information is being collected. The degree of specificity is not entirely clear, and
legal judgments are required about the sufficiency of the disclosure. See Covert v. Harrington, 876 F.2d 751 (9th
Cir. 1989) and United States v. Wilber, 696 F.2d 79 (8th Cir. 1982).

44. The Commission uses many standard government-wide forms in the conduct of its business. These forms
originate with other agencies (e.g., Office of Personnel Management). The forms that I saw contained Privacy
Act notices. It is appropriate for the Commission to rely on the notices prepared by other agencies and on their
judgment about the need for and content of Privacy Act notices on these standard forms.

45. The certification states that information on the application is public information subject to complete disclosure.
The public disclosure of the home address and automobile identifying information for agency personnel is unusual.
The disclosure of home address and vehicle information would not be routinely required under the Freedom of
Information Act. If disclosures are made to assist in finding additional members for a carpool (from within or
without the agency), that would not be the same as a public disclosure. Also, depending on how the search for
other riders is conducted, general disclosure of home addresses might be avoided if matching is conducted by a
third party.
          Regardless, once a system of records is established for parking applications, the system notice will have
to include a routine use covering those disclosures that are actually made. If the records are, in fact, disclosable
publicly, it would be necessary to define such a routine use in order to lawfully make the disclosure and to include
that information in the Privacy Act notice on the application form. However, unless there is a specific law or
policy that mandates these disclosures, the form itself might be revised and the disclosure note removed or revised
to reflect actual practice and policy.

46. 5 U.S.C. §552a(u) (1994).

47. Id. at §552a(o).

48. The Directive defining the mission and functions of the Director of the Office of Personnel provides that the
Director "serves as the Privacy Act Officer." No specific duties are identified for this responsibility. USITC
Directive 1023.1 (2/27/93). Nothing in the Act or in OMB guidance defines the responsibilities of an agency
Privacy Act officer or requires that an agency have a Privacy Act Officer.

49. 5 U.S.C. §552a(l)(2) (1994).

50. Id. at §552a(g).

51. Id. at §552a(g)(1)(D).

52. Id. at §552a(b)(11).

53. See Doe v. Stephens, 851 F.2d 1457 (D.C. Cir. 1988).

54. "To opposing counsel, a court magistrate or administrative tribunal in the course of a legal proceeding, and to
opposing counsel in the course of discovery proceedings for the purpose of enforcing or prosecuting a violation or
potential violation of law, whether civil, criminal, or regulatory in nature, and whether arising by general statute
or particular program statute, or by regulation, rule, or order issues pursuant thereto."

                                             Appendix

UNITED STATES INTERNATIONAL TRADE COMMISSION

WASHINGTON, DC 20436

September 30, 1996

MEMORANDUM

TO:      Inspector General

FROM:    Director, Office of Personnel

SUBJECT: Final Response to Inspector General's
         Draft Report: Analysis of USITC's
         Privacy Act Systems of Records

I have reviewed the subject report and I find it
to be a thorough and thoughtful critique of
Privacy Act implementation within the agency.
Its major findings, i.e. those relating to the
adequacy of existing systems of records and their
proper notice -- comport with those identified by
agency personnel prior to this audit and the
General Counsel had already expended considerable
resources in drafting revisions to ITC Systems
Notices. Based on discussions with the GC's
office, it is my impression that Mr.
Gellman's
knowledgeable recommendations will be extremely
helpful in completing the revisions.

Significantly, the audit report points out that
Commission policy has never defined and assigned
responsibility for Privacy Act administration.
While the Director of Personnel has carried the
title of Privacy Act Officer for many years, the
report makes clear that no corresponding duties
have ever been delineated for such a function and
underscores the fact that nothing in the Privacy
Act nor OMB guidance defines the responsibilities
of a Privacy Act Officer or requires that an
agency have one. So far as I am aware, the only
articulated responsibilities regarding the Act,
which are found in 19 CFR Part 201, subpart D, are
disclosure duties assigned to the Director of
Personnel, not to the Privacy Act Officer. In
fact, it appears that the limited disclosure
responsibility originally assigned to the Director
of Personnel led to a later designation as Privacy
Act Officer, notwithstanding that the term is
without content in Commission policy or
directives.

With regard to the far more important aspects of
privacy administration such as the identification
and publication of systems of records, no
Commission policy has ever existed, nor have such
responsibilities ever been assigned. However, a
great deal of very important work has already been
accomplished on this front and is currently
ongoing. I am informed by the General Counsel's
Office that the redraft of the Commission's
systems of records and proposed revision of the
Commission's Privacy Act rules is in an advanced
stage. I think that Office is to be commended for
voluntarily responding to a need which is simply
confirmed by this study.

The OGC's work will in fact accomplish the
majority of needed actions identified in the
report. However, there will still be a need for
someone to implement those recommendations of a
more administrative nature.

Both the IG and Mr. Gellman, author of the study,
admit that there is no "natural fit" for Privacy
Act responsibilities in small agencies, where they
are generally assigned as collateral duties. Mr.
Gellman commented, for instance, that FOIA and
Privacy are often combined in such environments
and the IG acknowledged that there is a legitimate
issue of where Privacy Act responsibilities should
be lodged in the Commission. However, in order to
avoid any delay in implementing the study's
recommendations, she recommends assigning audit
implementation to the Director of Personnel, in
effect tabling what is the threshold issue of
deciding who should be the Privacy Act Officer.
The urgency of this matter should be carefully
evaluated. First, the report makes quite evident
that the agency has little serious vulnerability
in this matter. Secondly, the GC's office is
already addressing the most important
recommendations, thereby reducing further the
possibility that needed action will languish.
Finally, whoever is eventually charged with
administrative responsibility will need the
benefit of participating in this program's
implementation, since it will constitute the most
substantive experience anyone assigned to it will
probably ever receive, although the designee will
also need formal training to accomplish effective
implementation. Consequently, it seems prudent to
avoid letting a somewhat questionable urgency
override careful deliberation about what is, in
effect, an important issue of resource allocation.

Therefore, I recommend that the Chairman review
and determine, as a matter of effective personnel
resource allocation, where Privacy Act
administration should be assigned. This would be
simultaneous with the GC effort to complete the
important work already in progress, which will in
fact form the fundamental framework for successful
Privacy Act administration. I am happy to assist
in this review and to participate in any capacity,
either as individual adviser or in some joint
evaluative process as designated by the Chairman.

This response and the recommendation contained
herein were approved by the Chairman on this date.

cc:   The Commission
      General Counsel
      Acting Director, Office of Administration
'